Cisco IMC Auth Bypass via Password Change Exploit
CVE-2026-20093 Published on April 1, 2026
Cisco Integrated Management Controller Authentication Bypass Vulnerability
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.
Vulnerability Analysis
CVE-2026-20093 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-20093
stack.watch emails you whenever new vulnerabilities are published in Cisco Enterprise Nfv Infrastructure Software or Cisco Unified Computing System. Just hit a watch button to start following.
Affected Versions
Cisco Enterprise NFV Infrastructure Software:- Version 4.1.1 is affected.
- Version 3.9.1 is affected.
- Version 3.5.2 is affected.
- Version 3.12.2 is affected.
- Version 3.6.2 is affected.
- Version 3.9.2 is affected.
- Version 3.11.3 is affected.
- Version 3.11.1 is affected.
- Version 3.5.1 is affected.
- Version 3.3.1 is affected.
- Version 3.10.2 is affected.
- Version 3.12.1b is affected.
- Version 3.4.1 is affected.
- Version 3.12.1a is affected.
- Version 3.6.3 is affected.
- Version 3.8.1 is affected.
- Version 3.11.2 is affected.
- Version 3.12.1 is affected.
- Version 3.12.3 is affected.
- Version 3.10.1 is affected.
- Version 3.6.1 is affected.
- Version 3.10.3 is affected.
- Version 3.7.1 is affected.
- Version 4.1.2 is affected.
- Version 4.2.1 is affected.
- Version 4.2.2 is affected.
- Version 4.4.1 is affected.
- Version 4.4.2 is affected.
- Version 4.5.1 is affected.
- Version 4.4.3 is affected.
- Version 4.6.1 is affected.
- Version 4.7.1 is affected.
- Version 4.6.2-FC2 is affected.
- Version 4.6.2-FC3 is affected.
- Version 4.6.2 is affected.
- Version 4.8.1 is affected.
- Version 4.8.2 is affected.
- Version 4.9.1 is affected.
- Version 4.6.3 is affected.
- Version 4.9.2-FC5 is affected.
- Version 4.9.2 is affected.
- Version 4.10.1 is affected.
- Version 4.9.3 is affected.
- Version 4.11.1 is affected.
- Version 4.9.4 is affected.
- Version 4.12.1 is affected.
- Version 4.6.4 is affected.
- Version 4.12.2 is affected.
- Version 4.13.1 is affected.
- Version 4.9.4-ES8 is affected.
- Version 4.9.5 is affected.
- Version 4.12.3 is affected.
- Version 4.6.5-ES1 is affected.
- Version 4.9.4-ES9 is affected.
- Version 4.14.1 is affected.
- Version 4.6.3-FC4 is affected.
- Version 4.9.4-FC3 is affected.
- Version 4.12.4 is affected.
- Version 4.15.1 is affected.
- Version 4.9.6 is affected.
- Version 4.16.1 is affected.
- Version 4.15.2 is affected.
- Version 4.12.5 is affected.
- Version 4.15.3 is affected.
- Version 4.15.4 is affected.
- Version 4.18.1 is affected.
- Version 4.12.6 is affected.
- Version 4.18.2 is affected.
- Version 4.18.2a is affected.
- Version 4.0(2g) is affected.
- Version 3.1(2i) is affected.
- Version 3.1(1d) is affected.
- Version 4.0(4i) is affected.
- Version 4.1(1c) is affected.
- Version 4.0(2c) is affected.
- Version 4.0(1e) is affected.
- Version 4.0(2h) is affected.
- Version 4.0(4h) is affected.
- Version 4.0(1h) is affected.
- Version 4.0(2l) is affected.
- Version 3.1(3g) is affected.
- Version 4.0(1.240) is affected.
- Version 4.0(2f) is affected.
- Version 4.0(1g) is affected.
- Version 4.0(2i) is affected.
- Version 3.1(3i) is affected.
- Version 4.0(4d) is affected.
- Version 4.1(1d) is affected.
- Version 3.1(3c) is affected.
- Version 4.0(4k) is affected.
- Version 3.1(2d) is affected.
- Version 3.1(3a) is affected.
- Version 3.1(3j) is affected.
- Version 4.0(2d) is affected.
- Version 4.1(1f) is affected.
- Version 4.0(1c) is affected.
- Version 4.0(4f) is affected.
- Version 4.0(4c) is affected.
- Version 3.1(3d) is affected.
- Version 3.1(2g) is affected.
- Version 3.1(2c) is affected.
- Version 4.0(1d) is affected.
- Version 3.1(2e) is affected.
- Version 4.0(1a) is affected.
- Version 4.0(1b) is affected.
- Version 3.1(3b) is affected.
- Version 4.0(4b) is affected.
- Version 3.1(2b) is affected.
- Version 4.0(4e) is affected.
- Version 3.1(3h) is affected.
- Version 4.0(4l) is affected.
- Version 4.1(1g) is affected.
- Version 4.1(2a) is affected.
- Version 4.0(2n) is affected.
- Version 4.1(1h) is affected.
- Version 3.1(3k) is affected.
- Version 4.1(2b) is affected.
- Version 4.0(2o) is affected.
- Version 4.0(4m) is affected.
- Version 4.1(2d) is affected.
- Version 4.1(3b) is affected.
- Version 4.0(2p) is affected.
- Version 4.1(2e) is affected.
- Version 4.1(2f) is affected.
- Version 4.0(4n) is affected.
- Version 4.0(2q) is affected.
- Version 4.1(3c) is affected.
- Version 4.0(2r) is affected.
- Version 4.1(3d) is affected.
- Version 4.1(2g) is affected.
- Version 4.1(2h) is affected.
- Version 4.1(3f) is affected.
- Version 4.1(2j) is affected.
- Version 4.1(2k) is affected.
- Version 4.1(3h) is affected.
- Version 4.2(2a) is affected.
- Version 4.1(3i) is affected.
- Version 4.2(2f) is affected.
- Version 4.2(2g) is affected.
- Version 4.2(3b) is affected.
- Version 4.1(3l) is affected.
- Version 4.2(3d) is affected.
- Version 4.3(1.230097) is affected.
- Version 4.2(1e) is affected.
- Version 4.2(1b) is affected.
- Version 4.2(1j) is affected.
- Version 4.2(1i) is affected.
- Version 4.2(1f) is affected.
- Version 4.2(1a) is affected.
- Version 4.2(1c) is affected.
- Version 4.2(1g) is affected.
- Version 4.3(1.230124) is affected.
- Version 4.1(2l) is affected.
- Version 4.2(3e) is affected.
- Version 4.3(1.230138) is affected.
- Version 4.2(3g) is affected.
- Version 4.3(2.230207) is affected.
- Version 4.2(3h) is affected.
- Version 4.2(3i) is affected.
- Version 4.3(2.230270) is affected.
- Version 4.1(3m) is affected.
- Version 4.1(2m) is affected.
- Version 4.3(2.240002) is affected.
- Version 4.3(3.240022) is affected.
- Version 4.2(3j) is affected.
- Version 4.1(3n) is affected.
- Version 4.3(2.240009) is affected.
- Version 4.3(3.240043) is affected.
- Version 4.3(4.240142) is affected.
- Version 4.3(2.240037) is affected.
- Version 4.3(2.240053) is affected.
- Version 4.3(4.240152) is affected.
- Version 4.2(3l) is affected.
- Version 4.3(2.240077) is affected.
- Version 4.3(4.242028) is affected.
- Version 4.3(4.241063) is affected.
- Version 4.3(4.242038) is affected.
- Version 4.2(3m) is affected.
- Version 4.3(2.240090) is affected.
- Version 4.3(5.240021) is affected.
- Version 4.3(2.240107) is affected.
- Version 4.3(4.242066) is affected.
- Version 4.2(3n) is affected.
- Version 4.3(5.250001) is affected.
- Version 4.2(3o) is affected.
- Version 4.3(2.250016) is affected.
- Version 4.3(2.250021) is affected.
- Version 4.3(5.250030) is affected.
- Version 4.3(2.250022) is affected.
- Version 4.3(6.250040) is affected.
- Version 4.3(5.250033) is affected.
- Version 4.3(6.250044) is affected.
- Version 4.3(6.250053) is affected.
- Version 4.3(2.250037) is affected.
- Version 4.3(2.250045) is affected.
- Version 4.3(4.252001) is affected.
- Version 4.3(4.252002) is affected.
- Version 6.0(1.250127) is affected.
- Version 4.2(3p) is affected.
- Version 6.0(1.250131) is affected.
- Version 4.3(6.250101) is affected.
- Version 4.3(6.250117) is affected.
- Version 4.3(5.250043) is affected.
- Version 4.3(6.250039) is affected.
- Version 4.3(5.250045) is affected.
- Version 4.3(6.250060) is affected.
- Version 6.0(1.250130) is affected.
- Version 4.3(4.241014) is affected.
- Version 4.3(2.250063) is affected.
- Version 4.3(6.260003) is affected.
- Version 3.2.7 is affected.
- Version 3.2.6 is affected.
- Version 3.2.4 is affected.
- Version 3.2.10 is affected.
- Version 3.2.2 is affected.
- Version 3.2.3 is affected.
- Version 2.4.0 is affected.
- Version 3.2.1 is affected.
- Version 3.2.11.1 is affected.
- Version 3.2.8 is affected.
- Version 3.1.1 is affected.
- Version 3.0.2 is affected.
- Version 2.1.0 is affected.
- Version 2.2.2 is affected.
- Version 3.1.2 is affected.
- Version 3.0.1 is affected.
- Version 2.3.2 is affected.
- Version 2.3.5 is affected.
- Version 2.2.1 is affected.
- Version 3.1.4 is affected.
- Version 2.4.1 is affected.
- Version 2.3.1 is affected.
- Version 3.1.3 is affected.
- Version 2.3.3 is affected.
- Version 2.4.2 is affected.
- Version 3.1.5 is affected.
- Version 3.1.0 is affected.
- Version 2.0.0 is affected.
- Version 3.2.11.3 is affected.
- Version 3.2.11.5 is affected.
- Version 3.2.12.2 is affected.
- Version 3.2.13.6 is affected.
- Version 3.2.14 is affected.
- Version 4.11.1 is affected.
- Version 3.2.15 is affected.
- Version 4.12.1 is affected.
- Version 3.2.15.3 is affected.
- Version 4.12.2 is affected.
- Version 3.2.16.1 is affected.
- Version 4.00 is affected.
- Version 4.15.2 is affected.
- Version 4.02 is affected.
Exploit Probability
EPSS
0.03%
Percentile
8.77%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.